Note that Domain Administrators are usually needed to create SPN's.
And servers and service accouts must be allowed to delegate.
Usually by default this is not the case.
There is a white paper for setting up Kerberos for Sharepoint 2010 which might be a good reference.
Although very long, it covers some new services (Claims to Windows), along with IIS and SSAS.
There are also some tools like KerbBuddy that prove useful too.
3 keys I like to set in the registries to help troubleshoot - are ones for logging, forcing kerberos to use TCPIP, and max packet size.
Good job giving a short overview. Many give up trying to set this up, and resort to workarounds.